Lucene search
K

320 matches found

Openbugbounty
Openbugbounty
added 2019/07/22 3:9 p.m.12 views

uniglassplus.com Cross Site Scripting vulnerability

Security Researcher metamorfosec Helped patch 1914 vulnerabilities Received 9 Coordinated Disclosure badges Received 31 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting uniglassplus.com website and its users. Following...

6.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2019/07/10 7:3 a.m.8 views

brusselsjazzweekend.be Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-885239 Security Researcher Renzi Helped patch 6742 vulnerabilities Received 8 Coordinated Disclosure badges Received 36 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting brusselsjazzweekend.be websit...

0.2AI score
Exploits0
EUVD
EUVD
added 2019/06/11 6:35 p.m.9 views

EUVD-2019-4349

An issue was discovered in Joomla! before 3.9.7. The CSV export of comactionslogs is vulnerable to CSV injection...

9.8CVSS9.5AI score0.1049EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2019/05/06 12:0 a.m.3 views

The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection, related to errors in processing the relative path to the directory, allows a hacker to execute arbitrary code.

The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection lies in errors in processing the relative path to the catalog during the export of repository content into an archive. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the server by...

5CVSS6AI score
Exploits0Affected Software1
CNVD
CNVD
added 2018/06/12 12:0 a.m.4 views

IBM Robotic Process Automation with Automation Anywhere Arbitrary Command Execution Vulnerability

IBM Robotic Process Automation with Automation Anywhere is a process automation solution developed by IBM USA and Automation Anywhere. A security vulnerability exists in IBM Robotic Process Automation with Automation Anywhere version 10.0, which stems from the program's failure to properly encode...

8CVSS7.1AI score0.02178EPSS
Exploits0References1
0day.today
0day.today
added 2018/04/25 12:0 a.m.56 views

Shopy Point of Sale v1.0 - CSV Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Shopy Point of Sale v1.0 - CSV Injection Exploit Author: 8bitsec CVE: CVE-2018-10258 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/shopy-point-of-sales/21730225 Version: 1.0 Tested on: Kali...

0.07459EPSS
Exploits5
CNVD
CNVD
added 2018/04/19 12:0 a.m.2 views

Open-AudIT CSV Injection Vulnerability

Open-AudIT is a network discovery and auditing program. The program intelligently scans networks and network devices and provides status reports. A security vulnerability exists in the export function in versions prior to Open-AudIT 2.2. An attacker can exploit the vulnerability to inject Windows...

6.8CVSS6.8AI score0.02839EPSS
Exploits5References1
CNVD
CNVD
added 2018/04/16 12:0 a.m.6 views

Convert Forms CSV Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A CSV injection vulnerability exists in Joomla! Convert Forms 2.0.3 and earlier versions. When a user with elevated privileges exports form data in CSV format, an attacker can explo...

7.8CVSS7.3AI score0.09568EPSS
Exploits5References1
Hacker One
Hacker One
added 2017/11/03 4:44 p.m.16 views

Trello: CSV injection [N/A]

Hello, We can inject commands in the name field of a board =210 or =cmd|'/C calc'!AO for example, and when it's exported to CSV it will be evaluated to 20 in the corresponding cell, this enables an attacker to spread malware and execute system level commands on a victim's machine if the victim...

7.1AI score
Exploits0
Veracode
Veracode
added 2017/10/25 2:13 a.m.23 views

CSV Injection

keystone is vulnerable to CSV injection attacks. These attacks are possible because of a mishandled value during the exporting of a CSV file...

8.8CVSS8.7AI score0.07217EPSS
Exploits4References5Affected Software1
CNVD
CNVD
added 2017/08/29 12:0 a.m.3 views

Framadate CSV Export Input Validation Vulnerability

Framadate is a free polling software developed by the Framadate team.CSV Export is one of the CVS Comma Separated Values export components. A security vulnerability exists in CSV Export in Framadate version 1.0. An attacker can exploit this vulnerability to obtain information and execute code...

9.8CVSS9.3AI score0.02625EPSS
Exploits0References1
OSV
OSV
added 2017/05/19 3:29 p.m.4 views

CVE-2017-4979

EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports...

7.1CVSS5.8AI score0.00827EPSS
Exploits0References1
OSV
OSV
added 2016/12/11 2:59 a.m.2 views

DEBIAN-CVE-2016-6617

An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions prior to 4.6.4 are affected...

8.1CVSS8.1AI score0.01506EPSS
Exploits0References1
OSV
OSV
added 2016/12/11 2:59 a.m.1 views

DEBIAN-CVE-2016-6611

An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

8.1CVSS9.6AI score0.01562EPSS
Exploits0References1
myhack58
myhack58
added 2016/03/10 12:0 a.m.27 views

Portal Apache Jetspeed 2.3.0 and earlier versions: a remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

! As my personal“friendship detect open source software security”one of the projects I'm ready to play play the Apache Jetspeed 2, which v2. 3 0 one. Jetspeed this stuff, used those words, that is: “An open portal platform and enterprise information portal, completely based on open standards,...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.73 views

SaaS Marketing platform Hubspot export vulnerability

Hubspot is a widely used SaaS marketing platform to email all your customers, collect data about them and attract new customers. It's is common practice to keep customer lists in Hubspot to send newsletters or other email communication. Hubspot has hardcoded roles that grant users access to vario...

2AI score
Exploits0
Hacker One
Hacker One
added 2014/09/27 5:23 p.m.25 views

Sucuri: Usage of HTTP for exporting graph data as images

Whenever a user of waf.sucuri.net exports his reports graph data as a png, an unencrypted request is sent over to export.highcharts.com. This enables a mitm-able attacker to sniff and|or replace exported image. Also, the whole practice of offloading potentially private user data to an unrelated...

6.8AI score
Exploits0
OSV
OSV
added 2013/07/29 2:6 p.m.12 views

MGASA-2013-0238 Updated phpmyadmin packages fix security vulnerabilities

Using a crafted SQL query, it was possible to produce an XSS on the SQL query form PMASA-2013-8CVE-2013-4995. In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...

6.5CVSS6.2AI score0.01832EPSS
Exploits0References8
phpMyAdmin
phpMyAdmin
added 2013/04/24 12:0 a.m.45 views

Local file inclusion vulnerability.

PMASA-2013-4 Announcement-ID: PMASA-2013-4 Date: 2013-04-24 Summary Local file inclusion vulnerability. Description In the Export feature, a parameter specifying the export type was not correctly validated, opening the door to a local file inclusion attack. Severity We consider this vulnerability...

6.5CVSS7.2AI score0.05485EPSS
Exploits5Affected Software1
Cvelist
Cvelist
added 2008/05/14 6:0 p.m.22 views

CVE-2008-2226

Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information...

6.8AI score0.01218EPSS
Exploits0References4
Rows per page
Query Builder